Add unit tests to cover PR bugfix

noliveleger · noliveleger · commit f68f2f7debaf · 2022-06-14T14:28:22.000-04:00
diff --git a/kpi/tests/api/v2/test_api_asset_permission_assignment.py b/kpi/tests/api/v2/test_api_asset_permission_assignment.py
@@ -589,3 +589,73 @@ def test_partial_permission_grants_implied_view_asset(self):
             # `someuser` should have received the implied `view_asset`
             # permission
             assert self.someuser.has_perm(PERM_VIEW_ASSET, self.asset)
+
+    def test_no_assignments_saved_on_error(self):
+
+        # Call `get_anonymous_user()` to create AnonymousUser if it does not exist
+        get_anonymous_user()
+
+        # Ensure someuser and anotheruser do not have 'view_submissions' on `self.asset`
+        self.assertFalse(self.asset.has_perm(self.someuser, PERM_VIEW_SUBMISSIONS))
+        self.assertFalse(self.asset.has_perm(self.anotheruser, PERM_VIEW_SUBMISSIONS))
+
+        # Allow someuser and anotheruser to view submissions
+        good_assignments = [
+            {
+                'user': 'someuser',
+                'permission': PERM_VIEW_SUBMISSIONS,
+            },
+            {
+                'user': 'anotheruser',
+                'permission': PERM_VIEW_SUBMISSIONS,
+            }
+        ]
+
+        assignments = self.translate_usernames_and_codenames_to_urls(
+            good_assignments
+        )
+        bulk_endpoint = reverse(
+            self._get_endpoint('asset-permission-assignment-bulk-assignments'),
+            kwargs={'parent_lookup_asset': self.asset.uid}
+        )
+        response = self.client.post(bulk_endpoint, assignments, format='json')
+
+        # Everything worked as expected, someuser and anotheruser got 'view_submissions'
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertTrue(self.asset.has_perm(self.someuser, PERM_VIEW_SUBMISSIONS))
+        self.assertTrue(self.asset.has_perm(self.anotheruser, PERM_VIEW_SUBMISSIONS))
+
+        # but do not have respectively 'delete_submissions' and 'change_submissions'
+        self.assertFalse(self.asset.has_perm(self.someuser, PERM_DELETE_SUBMISSIONS))
+        self.assertFalse(self.asset.has_perm(self.anotheruser, PERM_CHANGE_SUBMISSIONS))
+
+        bad_assignments = [
+            {
+                'user': 'AnonymousUser',
+                'permission': PERM_ADD_SUBMISSIONS,  # should return a 400
+            },
+            {
+                'user': 'someuser',
+                'permission': PERM_DELETE_SUBMISSIONS,
+            },
+            {
+                'user': 'anotheruser',
+                'permission': PERM_CHANGE_SUBMISSIONS,
+            }
+        ]
+        assignments = self.translate_usernames_and_codenames_to_urls(
+            bad_assignments
+        )
+
+        bulk_endpoint = reverse(
+            self._get_endpoint('asset-permission-assignment-bulk-assignments'),
+            kwargs={'parent_lookup_asset': self.asset.uid}
+        )
+        response = self.client.post(bulk_endpoint, assignments, format='json')
+        # Could not assign 'add_submissions' to anonymous user.
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+        # Ensure that someuser and anotheruser did not get any other permissions
+        # than the one they already had, i.e.: 'view_submissions'.
+        self.assertFalse(self.asset.has_perm(self.someuser, PERM_DELETE_SUBMISSIONS))
+        self.assertFalse(self.asset.has_perm(self.anotheruser, PERM_CHANGE_SUBMISSIONS))
diff --git a/kpi/tests/test_sorting.py b/kpi/tests/test_sorting.py
@@ -0,0 +1,48 @@
+# coding: utf-8
+from django.test import TestCase
+from django.contrib.auth.models import User
+
+from kpi.utils.object_permission import get_anonymous_user
+
+
+class SortingTestCase(TestCase):
+
+    def test_different_sort_between_python_and_db(self):
+
+        # Ensure that `AnonymousUser` is created to include it in the list below
+        get_anonymous_user()
+
+        User.objects.bulk_create([
+            User(first_name='A', last_name='User', username='a_user'),
+            User(first_name='Alexander', last_name='Mtembenuzeni', username='alex_Mtemb'),
+            User(first_name='Another', last_name='User', username='anotheruser'),
+        ])
+
+        users = list(
+            User.objects.filter(username__istartswith='a')
+            .values_list('username', flat=True)
+            .order_by('username')
+        )
+
+        # The database (PostgreSQL, as of Jun, 14, 2022) seems to be case
+        # insensitive and treats `_` after any letters.
+        # Python is case sensitive and treats `_` before any letters.
+        expected_database = [
+            'alex_Mtemb',
+            'AnonymousUser',
+            'anotheruser',
+            'a_user',
+        ]
+
+        expected_python = [
+            'AnonymousUser',
+            'a_user',
+            'alex_Mtemb',
+            'anotheruser',
+        ]
+
+        self.assertEqual(users, expected_database)
+        self.assertEqual(sorted(users), expected_python)
+        # Obviously if the first two assertions are True, the one below should
+        # be false. No matter what, let's be paranoid and test it anyway.
+        self.assertNotEqual(users, sorted(users))
